package com.vteba.security.filter;

import java.util.List;
import java.util.regex.Pattern;

import javax.inject.Named;
import javax.servlet.http.HttpServletRequest;

import org.springframework.security.web.util.matcher.RequestMatcher;

/**
 * 默认的跨域请求拦截匹配器
 * 
 * @author yinlei
 * @date 2015年7月5日 下午5:46:37
 */
@Named
public class DefaultRequiresCsrfMatcher implements RequestMatcher {
	private Pattern allowedMethods = Pattern
			.compile("^(POST|GET|HEAD|TRACE|OPTIONS)$");
	private List<String> execludeUrls;

	public List<String> getExecludeUrls() {
		return execludeUrls;
	}

	public void setExecludeUrls(List<String> execludeUrls) {
		this.execludeUrls = execludeUrls;
	}

	public boolean matches(HttpServletRequest request) {
		if (execludeUrls != null && execludeUrls.size() > 0) {
			String servletPath = request.getServletPath();
			for (String url : execludeUrls) {
				if (servletPath.contains(url)) {
					return false;
				}
			}
		}
		return !allowedMethods.matcher(request.getMethod()).matches();
	}
}
